4.2 Explain the security implications of proper hardware, software, and data asset management Flashcards

1
Q

Acquisition and Procurement

Acquisition

A

Process of obtaining goods and services

2
Q

Acquisition and Procurement

Procurement

A

Entire process of sourcing and obtaining those goods and services, including all the processes that lead up to the acquisition

3
Q

Data Classification

A

Based on the value to the organization and the sensitivity of the information, determined by the data owner

4
Q

Public

A

No impact if released, often publicly accessible

5
Q

Sensitive

A

Minimal impact if released

6
Q

Private

A

Contains internal personnel or salary information

7
Q

Critical

A

Extremely valuable and restricted information

8
Q

Data owner

A

A senior executive responsible for labeling information assets and ensuring they are protected with appropriate controls. Should be someone who understands the data content and can classify appropriately

9
Q

Data Controller

A

Entity responsible for determining data storage, collection, and ensuring the legality of these processes

10
Q

Data Processor

A

A group or individual hired by the data controller to assist with tasks like data collection and processing

11
Q

Data Steward

A

Focuses on metadata and data quality, ensuring data is appropriately labeled and classified, often working under the data owner

12
Q

Data Custodian

A

Responsible for managing the systems on which data assets are stored, including enforcing access controls, encryption, and backup measures

13
Q

Privacy Officer

A

Oversees privacy-related data such as PII and PHI and ensures compliance with legal and regulatory frameworks.

14
Q

Allocation or assignment of ownership

A

Each asset is assigned to a person or group known as owners

15
Q

Asset Monitoring

A

Maintaining an inventory with specifications, locations, and assigned users

16
Q

Asset Tracking

A

Goes beyond monitoring, involving the location, status, and condition of assets using software and tracking technology

17
Q

Enumeration

A

Identifies and counts assets
Aids in maintaining an accurate inventory

18
Q

Asset Disposal and Decommissioning

A

Necessity to manage the disposal of outdated assets

19
Q

NIST Special Publication 800-88

(Guidelines for Media Sanitization)

A

Provides guidance on asset disposal and decommissioning

20
Q

Sanitization

A

Thorough process to make data inaccessible and irretrievable from storage medium using traditional forensic methods

21
Q

Overwriting

(Sanitization)

A

Replacing existing data on a storage device with random bits of information to ensure that the original data is obscured

22
Q

Degaussing

(Sanitization)

A

Utilizes a machine called a degausser to produce a strong magnetic field that renders storage media unreadable and irretrievable

23
Q

Secure Erase

(Sanitization)

A

Deletes data and ensures it can’t be recovered

24
Q

Cryptographic Erase (CE)

(Sanitization)

A

destroys or deletes encryption keys
rendering data unreadable

25
Q

Destruction

A

ensures physical device is unusable
used in high security environments

26
Q

Certification

A

acts as proof that data or hardware has been securely disposed

27
Q

Data Retention

A

deciding what to keep and for how long
data lifecycle from creation to disposal

28
Q

Reasons to retain data

A

Regulatory requirements
Historical Analysis
Trend prediction
Dispute resolution
